Open source ecosystems npm and PyPI have again become high‑value targets in a coordinated software supply chain attack. Cybersecurity researchers have linked a new campaign, dubbed graphalgo, to the North Korea‑aligned Lazarus APT group. By combining fake blockchain job offers, realistic coding tests and staged malicious package updates, the attackers aim to compromise developers, exfiltrate sensitive data and steal cryptocurrency assets.
graphalgo campaign: staged malicious updates in npm and PyPI
The graphalgo operation has been active since at least May 2025, according to analysis by ReversingLabs. Threat actors publish apparently benign libraries to npm and the Python Package Index (PyPI), then later introduce a hidden payload in subsequent versions. This “clean‑then‑poisoned” release strategy is designed to build trust and adoption before weaponising the package.
A notable example is the npm package bigmathutils. Its initial version contained only harmless mathematical utilities and accumulated more than 10,000 downloads, enough to appear legitimate in many organisations’ dependency trees. In the very next release, the attackers injected malicious code. Similar tactics were observed across multiple npm and PyPI libraries uploaded via fabricated developer accounts.
Social engineering through fake blockchain companies and coding tests
The technical compromise is preceded by targeted social engineering. The actors stand up fictitious companies, such as the purported blockchain investment firm Veltrix Capital, complete with registered domains, professional‑looking websites and GitHub organisations. Public repositories host “coding assignments” in Python and JavaScript, mimicking real hiring processes in the crypto and fintech sectors.
Developers are approached on LinkedIn, Facebook, Reddit and niche programming forums. Candidates are instructed to clone a GitHub repository and run the project locally as part of a technical assessment. The assignment code itself is typically clean; instead, the compromise occurs indirectly when the project installs npm or PyPI dependencies that have been backdoored in later versions. This model allows the attackers to weaponise standard build workflows such as npm install and pip install.
Remote Access Trojan, MetaMask targeting and token‑based C2
Once a malicious dependency is installed, it drops a Remote Access Trojan (RAT) onto the victim’s machine. A RAT is a tool that enables full remote control over an infected system. In this campaign, the malware periodically connects to a command‑and‑control (C2) server, executing instructions such as system reconnaissance, file and process enumeration, directory manipulation, and file upload/download operations.
Researchers highlight a token‑based C2 authentication mechanism as a distinctive feature. On initial check‑in, the infected host sends device information and receives a unique token. All subsequent C2 traffic is tied to this token, complicating traffic spoofing, sinkholing and infrastructure mapping by defenders. Similar tokenised C2 designs were previously observed in 2023 operations attributed to the North Korean group Jade Sleet (also tracked as TraderTraitor / UNC4899).
The RAT also checks for the presence of the popular crypto‑wallet browser extension MetaMask. This strongly suggests a financially motivated objective alongside espionage, with attackers attempting to pivot toward theft of cryptocurrency and access to browser‑based wallets.
New malicious npm packages: Bada Stealer and XPACK ATTACK
duer-js and the Bada Stealer infostealer
In parallel with graphalgo, JFrog researchers identified another malicious npm package, duer-js, uploaded by the user luizaearlyx. Marketed as a utility to “improve console window visibility”, the package actually embedded the Bada Stealer infostealer.
Bada Stealer harvests Discord tokens, browser passwords, cookies and autofill data from Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser and others. It also collects information about local cryptocurrency wallets and system metadata. Stolen data is exfiltrated to a Discord webhook and mirrored to the file‑sharing service Gofile. A secondary component is then deployed that persists via Discord Desktop auto‑start, self‑updates, and directly targets Discord client data, including linked payment methods.
XPACK ATTACK: extortion via npm install and HTTP 402 abuse
A separate campaign, named XPACK ATTACK and first recorded on 4 February 2026 by the OpenSourceMalware initiative, demonstrates a different monetisation model. All associated npm packages were published by the account dev.chandra_bose and focus on on‑install extortion rather than classic data theft.
The malicious code abuses HTTP status 402 Payment Required to simulate a legitimate paywall. During npm install, the package presents the requirement to pay 0.1 USDC/ETH to a specified wallet address before continuing the installation. Meanwhile, it fingerprints the environment and collects GitHub usernames. If the victim refuses to pay, the installation fails after a delay of more than five minutes, making the event look like a normal licensing failure instead of a malware incident.
Software supply chain security: lessons for developers and organisations
These campaigns reinforce a broader trend: the software supply chain is now a primary attack surface for both cybercriminals and state‑sponsored APT groups. Past incidents such as the event‑stream npm compromise, the UA‑Parser‑JS hijack and the SolarWinds intrusion have already shown how a single poisoned dependency can cascade across thousands of organisations. Current npm and PyPI attacks apply the same logic to developer‑centric ecosystems and the crypto industry.
To reduce exposure, organisations should tighten control over open source dependencies: maintain private mirrors and allow‑lists of vetted packages, monitor version history and publisher reputation, and integrate software composition analysis (SCA) and malware scanning into CI/CD pipelines. Developers should treat unsolicited “take‑home tests” and cloned repositories from recruiters with caution, validating dependency manifests and scrutinising newly introduced packages before installation.
Raising awareness of techniques like fake hiring processes, staged malicious updates, token‑based C2 and on‑install extortion helps teams detect anomalies earlier and respond faster. By combining stricter dependency governance, automated security tooling and a healthy scepticism toward external code, organisations can significantly reduce the risk of npm and PyPI supply chain compromises and better safeguard both corporate systems and personal cryptocurrency assets.
